CLAIMS 

What is claimed is: 



1. A method for providing access control in a protocol stack, comprising the steps of:
(a) receiving a request to perform an operation at a layer of the protocol stack;
(b) calling an access mediator;
(c) determining if the request is to be granted based upon a predetermined security policy by the access mediator; and
(d) providing the determination by the access mediator.

2. The method of claim 1, wherein the receiving step (a) comprises:
(a1) receiving the request by the layer to perform the operation on an object by a subject at the layer of the protocol stack.

3. The method of claim 1, wherein the calling step (b) comprises:
(b1) calling the access mediator by the layer.

4. The method of claim 1, wherein the providing step (d) comprises:
(d1) returning the determination by the access mediator to the layer.

5. The method of claim 1, wherein the receiving step (a) comprises:
(a1) receiving the request by a layer manager to perform the operation on an object by a subject at the layer of the protocol stack.

6. The method of claim 5, wherein the layer manager interfaces with each layer of the protocol stack, wherein the layer manager handles data flow to each layer of the protocol stack.

7. The method of claim 1, wherein the calling step (b) comprises:
(b1) calling the access mediator by a layer manager.

8. The method of claim 7, wherein the access mediator is implemented in the layer manager.

9. The method of claim 1, wherein the providing step (d) comprises:
(d1) returning the determination by the access mediator to a layer manager.

10. The method of claim 1, wherein the calling step (b) further comprises:
(b1) passing a subject's identity, an object's identity, and a requested operation to the access mediator.

11. The method of claim 1, further comprising:
(e) allowing the operation to be performed at the layer if the determination is to grant the request.

12. The method of claim 1, further comprising:
(e) blocking the operation if the determination is to not grant the request.

13. A method for providing access control in a protocol stack, comprising the steps of:
(a) receiving a request by a layer of the protocol stack to perform an operation at the layer;
(b) calling an access mediator by the layer;
(c) determining if the request is to be granted based upon a predetermined security policy by the access mediator; and
(d) providing the determination by the access mediator to the layer.

14. A method for providing access control in a protocol stack, comprising the steps of:
(a) receiving a request by a layer manager to perform an operation at a layer of the protocol stack;
(b) calling an access mediator by the layer manager;
(c) determining if the request is to be granted based upon a predetermined security policy by the access mediator; and
(d) providing the determination by the access mediator to the layer manager.

15. A system, comprising:
a plurality of layers of a protocol stack; and
an access mediator, wherein each layer of the protocol stack may call the access mediator to determine if a request to perform an operation at a layer of the protocol stack is to be granted.

16. A system, comprising:
a plurality of layers of a protocol stack; and
a layer manager, wherein the layer manager is interfaced with each of the plurality of stack components, wherein the layer manager comprises an access mediator, wherein layer manager may call the access mediator to determine if a request to perform an operation at a layer of the protocol stack is to be granted.

17. A computer readable medium with program instructions for providing access control in a protocol stack, comprising the steps of:
(a) receiving a request to perform an operation at a layer of the protocol stack;
(b) calling an access mediator;
(c) determining if the request is to be granted based upon a predetermined security policy by the access mediator; and
(d) providing the determination by the access mediator.
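
The flow recited in claims 5 to 12, as an added example that is not part of the patent text: a layer manager containing the access mediator passes subject, object and operation to it before each layer handles the data, then allows or blocks the operation. The layer names, the Rule tuple, the "send" operation, the audit list and the default-deny behaviour are assumptions of this example.

```python
from typing import NamedTuple

class Rule(NamedTuple):
    layer: str
    subject: str
    obj: str
    operation: str

class AccessMediator:
    """Grants a request only if the predetermined policy lists it (default deny)."""
    def __init__(self, policy):
        self._policy = frozenset(policy)

    def decide(self, layer, subject, obj, operation):
        return Rule(layer, subject, obj, operation) in self._policy

class LayerManager:
    """Handles data flow to each layer and consults the mediator before each one."""
    def __init__(self, layers, policy):
        self._layers = layers                      # dict, ordered top -> bottom
        self._mediator = AccessMediator(policy)    # mediator lives in the manager
        self.audit = []                            # one entry per determination

    def send(self, subject, obj, data):
        for name, handler in self._layers.items():
            granted = self._mediator.decide(name, subject, obj, "send")
            self.audit.append((name, subject, granted))
            if not granted:                        # block: this layer never runs
                raise PermissionError(f"{subject}: send on {obj} denied at {name}")
            data = handler(data)                   # allow: layer performs operation
        return data

def build_demo():
    # Constructed stack: each layer just prepends a short tag to the payload.
    layers = {
        "session":   lambda d: b"S|" + d,
        "transport": lambda d: b"T|" + d,
        "link":      lambda d: b"K|" + d,
    }
    # Constructed policy: alice may send at every layer, bob not at the link layer.
    policy = {Rule(l, "alice", "chan0", "send") for l in layers}
    policy |= {Rule(l, "bob", "chan0", "send") for l in ("session", "transport")}
    return LayerManager(layers, policy)

if __name__ == "__main__":
    mgr = build_demo()
    print(mgr.send("alice", "chan0", b"hi"))
    try:
        mgr.send("bob", "chan0", b"hi")
    except PermissionError as exc:
        print("blocked:", exc)
```

Because the determination is made per layer, the audit list shows exactly which layer refused a request and that no lower layer handled the data afterwards.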